VDB
CVE-2020-15184
CVE-2020-15184
PUBLISHED
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters.
EPSS 0.23% · 46.4th percentile
Risk Scores
EPSS Score
0.23%
46.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | helm | 2.0.0, 3.0.0 |
| Bitnami | helm | 3.0.0, 2.0.0 |
Timeline
- Sep 17, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Nov 19, 2021 CVE Updated
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score